Tree - rpms/sssd - CentOS Git server

dpward / rpms / sssd

Forked from rpms/sssd 3 years ago

Source
Stats

Blame SOURCES/0094-SDAP-skip-builtin-AD-groups-in-sdap_save_grpmem.patch

Blob History Raw

		9f2ebf	`From 75da39f57ba0223be9bd9906cd3ed902623aed10 Mon Sep 17 00:00:00 2001`
		9f2ebf	`From: Sumit Bose <sbose@redhat.com>`
		9f2ebf	`Date: Mon, 18 Dec 2017 20:30:04 +0100`
		9f2ebf	`Subject: [PATCH 94/96] SDAP: skip builtin AD groups in sdap_save_grpmem()`
		9f2ebf	`MIME-Version: 1.0`
		9f2ebf	`Content-Type: text/plain; charset=UTF-8`
		9f2ebf	`Content-Transfer-Encoding: 8bit`
		9f2ebf
		9f2ebf	`While processing group memberships SSSD might accidentally save builtin`
		9f2ebf	`or other well known AD groups. With this patch those groups are skipped`
		9f2ebf	`similar as e.g. in sdap_save_group().`
		9f2ebf
		9f2ebf	`Resolves:`
		9f2ebf	`https://pagure.io/SSSD/sssd/issue/3610`
		9f2ebf
		9f2ebf	`Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>`
		9f2ebf	`(cherry picked from commit c36a66b7fb77cff29400c751b363a342923e122e)`
		9f2ebf	`---`
		9f2ebf	`src/providers/ldap/sdap_async_groups.c \| 11 +++++++++++`
		9f2ebf	`1 file changed, 11 insertions(+)`
		9f2ebf
		9f2ebf	`diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c`
		9f2ebf	`index b1cfb7e4a4c054e5d365da5fca65da27c9ef5461..bbe6f1386eadbe4eb7b47bea9e5a6bb8ff4ee8eb 100644`
		9f2ebf	`--- a/src/providers/ldap/sdap_async_groups.c`
		9f2ebf	`+++ b/src/providers/ldap/sdap_async_groups.c`
		9f2ebf	`@@ -880,6 +880,8 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,`
		9f2ebf	`int ret;`
		9f2ebf	`const char *remove_attrs[] = {SYSDB_MEMBER, SYSDB_ORIG_MEMBER, SYSDB_GHOST,`
		9f2ebf	`NULL};`
		9f2ebf	`+ const char *check_dom;`
		9f2ebf	`+ const char *check_name;`
		9f2ebf
		9f2ebf	`if (dom->ignore_group_members) {`
		9f2ebf	`DEBUG(SSSDBG_CRIT_FAILURE,`
		9f2ebf	`@@ -905,6 +907,15 @@ static int sdap_save_grpmem(TALLOC_CTX *memctx,`
		9f2ebf	`group_dom = sss_get_domain_by_sid_ldap_fallback(get_domains_head(dom),`
		9f2ebf	`group_sid);`
		9f2ebf	`if (group_dom == NULL) {`
		9f2ebf	`+ ret = well_known_sid_to_name(group_sid, &check_dom, &check_name);`
		9f2ebf	`+ if (ret == EOK) {`
		9f2ebf	`+ DEBUG(SSSDBG_TRACE_FUNC,`
		9f2ebf	`+ "Skipping group with SID [%s][%s\\%s] which is "`
		9f2ebf	`+ "currently not handled by SSSD.\n",`
		9f2ebf	`+ group_sid, check_dom, check_name);`
		9f2ebf	`+ return EOK;`
		9f2ebf	`+ }`
		9f2ebf	`+`
		9f2ebf	`DEBUG(SSSDBG_TRACE_FUNC, "SID [%s] does not belong to any known "`
		9f2ebf	`"domain, using [%s].\n", group_sid,`
		9f2ebf	`dom->name);`
		9f2ebf	`--`
		9f2ebf	`2.14.3`
		9f2ebf

dpward / rpms / sssd

Source Code

Blame SOURCES/0094-SDAP-skip-builtin-AD-groups-in-sdap_save_grpmem.patch